Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet-filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the iptables-save output, which gives a readable ruleset listing, and possibly to supplement it with iptables -L -v -n, which adds the per-rule packet and byte counters.

6626 questions
35 votes · 2 answers

Why is Google approaching my VPS machine?

I'm trying to track network activities on my machine running CentOS 7. According to iptables logs, it seems that Google (74.125.133.108) is approaching my VPS many times. I can see that source-port is always 993. What is the reason for…
ishahak
35 votes · 2 answers

What is the meaning of "policy ACCEPT" and "policy DROP" in iptables?

When running service iptables status on 2 CentOS servers, one server has policy ACCEPT in Chain INPUT, Chain FORWARD, and Chain OUTPUT; another server has policy DROP in Chain INPUT and Chain FORWARD, while policy ACCEPT in Chain OUTPUT. What the…
user56635
34 votes · 9 answers

How to duplicate TCP traffic to one or multiple remote servers for benchmarking purposes?

Infrastructure: Servers in Datacenter, OS - Debian Squeeze, Webserver - Apache 2.2.16 Situation: The live server is in use by our customers every day, which makes it impossible to test adjustments and improvements. Therefore we would like to…
Sise
32 votes · 1 answer

Fail2ban jail.local vs jail.conf

Does the jail.local file act as an override to jail.conf or as a replacement for jail.conf? When I was learning about Fail2Ban from tutorials, most of them usually say either to copy jail.conf to jail.local and make the edits there, and some of them say…
Neel
32 votes · 4 answers

list all route tables

I need to know how to list the IDs of all route tables. For example, I can run: ip rule add fwmark 2 table 104 ip route add dev eth0 default via 192.168.3.7 table 104 A call to ip rule list shows: 0: from all lookup local 32765: from all fwmark…
nic
32 votes · 2 answers

How to enable iptables (instead of firewalld) services on RHEL 7 and Fedora 18?

The newest Fedora has firewalld as the new firewall application. I liked the old iptables services. I want them back but have no idea how to do that. I have tried: systemctl disable firewalld.service systemctl stop firewalld.service systemctl enable…
B14D3
32 votes · 5 answers

Why do ICMP Redirect Host happen?

I'm setting up a Debian box as a router for 4 subnets. For that I have defined 4 virtual interfaces on the NIC where the LAN is connected (eth1). eth1 Link encap:Ethernet HWaddr 94:0c:6d:82:0d:98 inet addr:10.1.1.1 …
El Barto
32 votes · 5 answers

iptables - Target to route packet to specific interface?

My home server has two main interfaces, eth1 (a standard internet connection) and tun0 (an OpenVPN tunnel). I'd like to use iptables to force all packets generated by a local process owned by UID 1002 to exit through tun0, and all other packets to…
Ethan
32 votes · 3 answers

Is it enough to add iptables rules without a restart?

(Ubuntu server) I'm running sudo iptables -A INPUT -s 127.0.0.1 -j ACCEPT sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 4/sec -j ACCEPT and then sudo iptables-save To get the function of the iptables rules,…
cewebugil
32 votes · 3 answers

iptables: How to allow only one IP through a specific port?

How can I, on my Ubuntu server, allow only one IP address on a specific port in iptables? Thanks
Anonymous12345
31 votes · 3 answers

Which ports for IPsec/L2TP?

I have a firewall/router (not doing NAT). I've googled and seen conflicting answers. It seems UDP 500 is the common one. But the others are confusing: 1701, 4500. And some say I need to also allow GRE 50, or 47, or 50 & 51. OK, which ports are…
hookenz
30 votes · 3 answers

When using iptables firewall rules, why assert NEW state on all allowed ports?

I often see iptables configured to allow all packets to RELATED connections, and the specific service ports to NEW connections. What is the reason for stating NEW? If a connection is not NEW, it is RELATED I guess, so the specific port rule will…
dronus
29 votes · 1 answer

Minimal rate and default class problem for HTB

I have some doubts about an HTB structure I'm using. My aim is to limit the download and upload speed of users in a local network. Each user of the network has a personal list of domains with a down and up speed for the domain that he cannot exceed. It…
Mulot
29 votes · 3 answers

iptables show just one chain

tl;dr: How can I get iptables to show just one chain? I can have iptables show just one table, but a table consists of multiple chains. I need to find where in chain INPUT the last rule is (usually but not always the REJECT all rule). I've tried awk…
bgStack15
29 votes · 3 answers

I have a file with all the iptables settings. How do I load this into my server?

My system admin gave me a file with iptables rules. What command do I type in to load this? I watched him do it before, and he did it in 1 line! Something like... iptables > thefile.dat ????
Alex